Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Security] 'Start' = '00000002' (значение 2 параметра Start означает автоматический запуск службы при загрузке системы)
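- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000' (в обоих ключах значение 0 параметра EnableFirewall отключает брандмауэр Windows для соответствующего профиля — стандартного и доменного)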
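- Средство контроля пользовательских учетных записей (UAC) — заголовок этого пункта в выдержке не сохранился; судя по соседним записям об отключении брандмауэра, UAC, по-видимому, указан как защитный механизм, работу которого образец нарушает (уточняйте по полному отчёту)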
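- %WINDIR%\AhnLab_V3.exe (имя файла напоминает название антивирусного продукта AhnLab V3; само по себе имя не является признаком легитимности файла)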
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\del.bat" "
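- ClassName: '' WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass' WindowName: ''
- ClassName: '' WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'FilemonClass' WindowName: ''
- ClassName: '' WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
  (Все шесть записей — классы и заголовки окон утилит Sysinternals: Process Monitor, Registry Monitor и File Monitor. Заголовок раздела в выдержке не сохранился; такой перечень обычно означает, что образец ищет окна средств анализа.)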
- %WINDIR%\del.bat
- %WINDIR%\AhnLab_V3.exe
- %WINDIR%\AhnLab_V3.exe
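- '11#.#50.65.102':80 (адрес приведён в частично замаскированном виде — с символами '#', поэтому как точный сетевой индикатор его использовать нельзя; порт — 80)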
- ClassName: '18467-41' WindowName: ''